IoT security is more than just device protection: It’s about brand and reputation too

Market researchers regularly forecast huge numbers of connected devices in the next few years. Some say 20 billion, others say 50 billion, some even predict a trillion. Whatever the real number, the truth is, businesses and consumers are increasingly aware of the benefits of the Internet of Things (IoT), resulting in original equipment manufacturers and device developers rushing to put connectivity into everything. Surprisingly though, it’s thought that 96 percent of IoT devices are prone to being tampered with, hacked, or cloned due to lack of adequate in-built security.

This is a huge problem, not just in terms of vulnerability of products, networks and infrastructure, but in terms of brand, reputation, and loss of intellectual property. When you spend huge amounts of money on research and development to give your business a competitive edge, the last thing you need is to have your products and systems compromised and reduce the value of your IP. Not only that, if (and when) an attack does happen, you might have to spend thousands of dollars to send support staff to figure out what went wrong and where; in turn, this can impact your reputation and reduce the value of your brand.

Given that most systems still lack proper IoT security, attacks, cloning and counterfeiting will happen eventually, and on top of that, legislation and policies will gradually come into play and be enforced with penalties.

So, you’ll want to make sure your systems can’t be easily infected, updates can be securely applied, and if the system is compromised, you can identify, remediate and also be able to remove a device from the system. You’ll also need to ensure that you can identify counterfeit or rogue devices and be able to isolate them from the wider network.

All of this points to a complete change in mindset. Security is an existential part of the new age of IoT connected devices – or Business 4.0 as we like to call it. This involves placing security policy higher up in the company and management agenda – not just as a bolt-on to be added as an afterthought. And security is not just a one-off event at product design stage, it needs to be managed throughout the product lifecycle – attacks can happen at any time while a device is in service.

The technology aspects of doing this are covered elsewhere, but what this means fundamentally is this: there is a need to establish a solid root of trust (in the form of hardware keys), strong authentication to verify that a product has access rights or to verify it is genuine, and to be able to track and authenticate it through the development and manufacturing process as well as throughout a product’s entire life.

So how do we enable this?

Secure Thingz and IAR Systems share a vision for helping customers secure intellectual assets, accelerate trustworthy product delivery and add value. Threats will not stop, so we are working together to make superior security available for all in order to build a secure and sustainable future for connected devices.

We believe that IoT security needs to be straightforward, scalable and sustainable, and that security must be integrated from inception, because adding security late in the development process rarely works. Building security into the design process is the best way to achieve long-term robust and scalable security. Beyond protecting intellectual assets, we want to enable customers to make security the bedrock of value across the enterprise.

With our trusted partners – development tools, semiconductor manufacturers, and the wider ecosystem including distributors and programmers – we provide the systems that can help secure the connected world, prevent malware injection and inhibit intellectual property theft. We do this by:

Delivering secure foundations for the IoT

Simplifying secure design

Securing provisioning and programming

Enhancing product lifecycle support

In addition, with connectivity, industries are also transforming business models – to enable consumers and enterprises to buy products on a per-use or shared basis rather than purchasing devices outright. Hence our security implementation also enables the use of business ‘as-a-service’ models, helping assign rights and ownership, providing authentication, and managing multiple users over the life of a product.

As highlighted, with many more billions of devices being connected, our vision is to transform an industry to think security from the beginning of product development. By doing so, we will help IoT product developers to work towards reducing the risk of attack, to help protect their customers and protect their value.